[résolu] ordinateur infecté?

Nytia · le 19 juillet 2008

voici le rapport log:

ComboFix 08-07-18.3 - c 2008-07-19 14:58:28.2 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.236 [GMT 2:00]

Endroit: C:\Users\c\Desktop\ComboFix.exe

Command switches used :: C:\Users\c\Desktop\CFScript.txt

* Création d'un nouveau point de restauration

* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))

.

2008-07-17 22:53 . 2008-07-18 15:04 <REP> d-------- C:\Program Files\Navilog1

2008-07-15 20:05 . 2008-07-15 20:05 <REP> d-------- C:\Users\All Users\WindowsSearch

2008-07-15 20:05 . 2008-07-15 20:05 <REP> d-------- C:\ProgramData\WindowsSearch

2008-07-14 01:30 . 2008-07-14 01:30 <REP> d-------- C:\Users\c\table_fichiers

2008-07-13 20:37 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-13 20:37 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-13 20:37 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-09 16:04 . 2008-07-09 16:04 <REP> d-------- C:\Program Files\Lavasoft

2008-07-09 16:03 . 2008-07-09 16:03 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-07-09 14:10 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-09 14:10 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-09 14:10 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-09 14:10 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-09 14:10 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-09 14:10 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-09 14:10 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-09 14:09 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-09 14:09 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-09 14:09 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-09 14:09 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-09 14:09 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-09 14:09 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-09 14:09 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll

2008-07-07 20:11 . 2008-07-07 20:15 <REP> d-------- C:\Users\c\AppData\Roaming\F-Secure

2008-07-07 20:02 . 2007-05-25 15:15 572,784 --a------ C:\Windows\System32\msvcp50.dll

2008-07-07 20:02 . 2007-05-25 15:10 67,120 --a------ C:\Windows\System32\drivers\fsdfw.sys

2008-07-07 20:02 . 2007-05-25 15:09 35,024 --a------ C:\Windows\System32\drivers\fses.sys

2008-07-07 20:01 . 2008-07-07 20:01 <REP> d-------- C:\Users\All Users\F-Secure

2008-07-07 20:01 . 2008-07-07 20:01 <REP> d-------- C:\ProgramData\F-Secure

2008-07-07 20:00 . 2008-07-07 21:51 <REP> d-------- C:\Program Files\F-Secure Internet Security

2008-07-07 19:59 . 2008-07-07 19:59 <REP> d-------- C:\Users\All Users\fssg

2008-07-07 19:59 . 2008-07-07 19:59 <REP> d-------- C:\ProgramData\fssg

2008-07-07 14:45 . 2008-07-08 12:15 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-07 14:45 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys

2008-07-07 14:45 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys

2008-07-06 23:05 . 2008-07-06 23:05 <REP> d-------- C:\Program Files\Secunia

2008-07-06 16:55 . 2008-07-06 16:55 <REP> d-------- C:\Program Files\Real

2008-07-06 16:55 . 2008-07-06 22:58 <REP> d-------- C:\Program Files\Common Files\Real

2008-07-06 15:37 . 2008-07-10 19:38 <REP> d-------- C:\Program Files\PeerTV

2008-06-22 20:14 . 2008-06-22 22:09 <REP> d-------- C:\Users\c\AppData\Roaming\Skype

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-10 10:59 --------- d-----w C:\Program Files\Windows Mail

2008-07-09 12:12 --------- d-----w C:\ProgramData\Lavasoft

2008-07-07 17:50 --------- d-----w C:\ProgramData\Kaspersky Lab

2008-07-07 12:48 --------- d-----w C:\Program Files\Google

2008-07-07 12:07 --------- d-----w C:\Program Files\adslTV

2008-07-06 13:44 --------- d-----w C:\Users\c\AppData\Roaming\LimeWire

2008-07-05 17:49 921,632 ----a-w C:\PA7302.DAT

2008-06-22 18:13 --------- d-----w C:\ProgramData\CyberLink

2008-06-14 12:23 174 --sha-w C:\Program Files\desktop.ini

2008-06-14 12:12 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-14 12:12 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-14 12:12 --------- d-----w C:\Program Files\Windows Journal

2008-06-14 12:12 --------- d-----w C:\Program Files\Windows Defender

2008-06-14 12:12 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-14 12:12 --------- d-----w C:\Program Files\Windows Calendar

2008-06-13 18:12 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-06-13 16:50 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2008-06-13 16:49 --------- d-----w C:\Users\c\AppData\Roaming\OpenOffice.org2

2008-06-12 22:09 --------- d-----w C:\ProgramData\Microsoft Help

2008-06-12 18:54 --------- d-----w C:\Program Files\Gadwin Systems

2008-06-11 18:16 --------- d-----w C:\Users\c\AppData\Roaming\ArcSoft

2008-06-11 18:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 18:05 --------- d-----w C:\Program Files\ArcSoft

2008-06-11 18:04 --------- d-----w C:\Program Files\Common Files\ArcSoft

2008-06-11 17:59 --------- d-----w C:\Program Files\VGA USB Camera

2008-06-11 17:58 --------- d-----w C:\Users\c\AppData\Roaming\InstallShield

2008-06-10 21:10 --------- d-----w C:\Program Files\LimeWire

2008-06-09 19:52 --------- d-----w C:\Program Files\Kaspersky Lab

2008-05-31 20:58 7,586 ----a-w C:\Users\c\AppData\Roaming\wklnhst.dat

2008-05-09 20:43 720,896 ----a-w C:\Windows\iun6002ev.exe

2007-11-01 20:57 319,488 ----a-w C:\Users\c\setup.exe

2002-03-11 09:06 1,822,520 ----a-w C:\Users\c\instmsiw.exe

2002-03-11 08:45 1,708,856 ----a-w C:\Users\c\instmsia.exe

2008-03-26 17:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-03-26 17:19 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-03-26 17:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-16 00:42 243200]

"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]

"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]

"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 11:01 319488]

"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2007-05-25 15:12 183208]

"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 12:39 4702208 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]

C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

Secunia PSI (RC2).lnk - C:\Program Files\Secunia\PSI (RC2)\psi.exe [2008-05-26 10:49:10 667648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A5199727-6466-4AEC-8052-7D3C9FDC72BA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{BDDEB3A0-109D-4E3F-BA37-CB557AA61449}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{73B454D4-270E-49A1-9189-E12EDE93C486}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{BE34A8E4-C347-4C64-85AE-4D53F4A3C0F1}C:\\program files\\peertv\\peercast.exe"= UDP:C:\program files\peertv\peercast.exe:PeerCast.exe

"UDP Query User{9BE2F5AD-427C-49EE-8315-E592867C9229}C:\\program files\\peertv\\peercast.exe"= TCP:C:\program files\peertv\peercast.exe:PeerCast.exe

"{B8568C56-CB86-4B39-9EBA-5F9D13FC6C5E}"= UDP:C:\Program Files\PeerTV\PeerTV.exe:PeerTV

"{E8A4C6BD-09C9-402A-A911-3366AE6D945F}"= TCP:C:\Program Files\PeerTV\PeerTV.exe:PeerTV

"TCP Query User{3718C70A-6339-47E5-839C-22028C6DBBE7}C:\\program files\\peertv\\vlc\\vlc.exe"= UDP:C:\program files\peertv\vlc\vlc.exe:VLC media player

"UDP Query User{8B64C850-B81F-4D8A-9CEA-8D169797CF54}C:\\program files\\peertv\\vlc\\vlc.exe"= TCP:C:\program files\peertv\vlc\vlc.exe:VLC media player

"{B99FC945-68EA-4139-A4C4-54CB687B55C9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-07-07 21:32]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-05-25 15:09]

R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-05-25 15:10]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2007-05-25 15:08]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]

R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-17 22:09]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 05:12]

S3 PAC7302;PAC7302 VGA USB Camera;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 15:29]

S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-04-23 13:56]

S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5654ee7c-c1c4-11dc-bf82-88dd6ad84efc}]

\shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbeca187-cc05-11dc-8dcf-001e8c454d96}]

\shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-07-19 13:00:02 C:\Windows\Tasks\Extension de garantie.job"

- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe

"2008-07-18 19:18:19 C:\Windows\Tasks\User_Feed_Synchronization-{15747C5E-44C1-462D-B971-284D342E60B6}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-19 15:05:36

Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

Temps d'accomplissement: 2008-07-19 15:09:02

ComboFix-quarantined-files.txt 2008-07-19 13:08:51

ComboFix2.txt 2008-07-19 11:18:31

Pre-Run: 96,404,889,600 octets libres

Post-Run: 96,374,620,160 octets libres

181 --- E O F --- 2008-07-16 12:20:48

Nytia · le 19 juillet 2008

et celui d'hijackthis: merci.